The 8 MNPI control gaps SEC examiners keep flagging
The April 2022 SEC Risk Alert on adviser MNPI compliance reads like a list of what examiners expect to find missing. If you run expert calls at a fund without a large legal team, treat it as a checklist.
The eight deficiencies that keep coming up
- Written policies not tailored to the adviser's actual business. Generic templates fail.
- Failure to identify and monitor all access persons, especially analysts running expert calls.
- Weak or nonexistent restricted lists for issuers discussed on calls or under NDA.
- No documentation around expert network calls, or notes so thin they are useless.
- Minimal testing of personal trading against research interactions.
- No pre-approval process for expert calls.
- No review of the expert network's own compliance program.
- Inadequate training on which questions are off-limits.
The legal frame, in three lines
Section 204A of the Advisers Act requires written MNPI policies reasonably designed for your business. Rule 206(4)-7 requires a written compliance program, a designated CCO and a review at least annually. Rule 204A-1 is the code of ethics piece: standards of conduct and personal securities reporting.
What a workable program looks like at a smaller fund
Six steps, and none of them need a Fortune 500 legal department.
- Risk assessment. Map every channel MNPI could enter through. Expert networks, bankers, board seats, alternative data, conferences.
- Written policy. Define MNPI in plain language. List prohibited questions. No unreleased financials. No current-quarter bookings. No deal pipeline tied to public names.
- Pre-clearance and logging. Every call pre-approved. Log date, participants, topics, issuers discussed, red flags.
- Monitoring and testing. Compare access-person trading against recent calls and restricted lists.
- Training. Onboarding plus annual refreshers, documented.
- Periodic review, at least annually.
Cadence that survives an exam
Annual: full policy review, refresh restricted-list criteria, retrain access persons. Quarterly: test personal trading against call logs, sample expert call notes. Monthly: update restricted and watch lists.
Escalation path
If an analyst thinks MNPI came up on a call: stop the call, email compliance, document the interaction, add the issuer to the restricted list, halt trading in that name until compliance clears it.
Examiners request multi-year data. Call logs, personal trading reports, restricted list history, communications samples. Build the process assuming they will ask.
At your shop, does an analyst need pre-approval before every expert call, or only for names already on the watch list?